Q) What should you do If your company wants to send all emails to your internal SOC team except simulation emails, which must go to PhishArm Dashboard?
Ans) Only Enable the rule by following parts (A and B) to help you integrate the report button to send all emails to your internal SOC team except simulation emails.
Table of Contents
Step 1: Add Mail Contact in the Exchange admin center
After installing the plugin, we now need to add a Right-Hand reporting email contact list
Now, log in to your Admin Exchange Center account and navigate to Recipients > Contacts.
Click Add a mail contact.
In the New Mail Contact pane, type your details:
a) Display Name: The name that would appear on the Contacts page.
b) Alias: Type PhishArm as the Alias name.
c) External email address: Type [email protected] as a contact.
Click Next. The Mail contact information (optional) appears.
Click Next.
The Review mail contact displays the summary of data entered.
Review the data and click Create.
The new contact will take a while to appear on the Contacts page. You can refresh the page or wait for some more time for the contact to occur.
Step 2: Configure Microsoft Plugin
After setting up a mail contact, you must enable the button and set up a few policies and rules from the Microsoft 365 Defender. The following steps guide you on how to enable and configure the rules:
Login to your Microsoft 365 Defender portal and navigate Settings > Email & collaboration > User reported settings.
On the User reported settings page, enable the toggle button.
Select the built-in reporting option, as it is easy to report.
You can configure messaging criteria based on your company’s needs. Select the Customize messages option, choose your preferred language for the prompt, set new messages in each tab, and click save.
Inside the reported email destination, select Microsoft only from Send reported messages to the field.
Click on the Save button.
Now, the Microsoft plugin has been configured.
Step 3: Add Mail flow rules in the Exchange admin center
(A) The Company Wants To Forward All Emails To PhishArm Dashboard
The following steps will help you add the Mail flow rules:
Navigate to Mail flow > Rules > click + icon (add new rule). You can copy the existing rules for future reference.
From the + icon (add new rule) drop-down, select Create new rule…
In the new rule window, in the Name field, type the rule's name.
From the Apply this rule if… drop-down, select The recipient address includes…
In the specified words or phrases pop-up, copy and paste the following (click the + icon to add multiple fields):
Click on the + sign to add one more matching rule. Select the option The Subject or body and in the condition, select subject or body includes any words.
In the specified words or phrases pop-up, add the following two options.
linktosso.com
linktologin.com
As we finish the condition, we have to define the action.
From the Do the following… drop-down, select Redirect the message to and from the options, select
these recipient.
Click on Select On, and a window with the list of all the contacts will appear. Search for the Right hand reporting email, i.e., [email protected], and select it, then click on the save button to save the recipient.
Now Click on the Next button and set the following values to
Rule Mode: Enforce
Severity: High
Please uncheck the box that states Stop processing more rules.
Click on Next and then the Finish button. The rule will appear in the list.
Now, we need to edit this rule further. Click on the rule, and it will open the slider. Enable this rule by clicking the toggle and then clicking on the rule settings. Change the Priority to 0 and click on the save button.
After that, the rule will appear enabled at the list's top.
The configuration has been successfully set up.
(B) The Company Wants To Forward Only Simulation Emails To PhishArm Dashboard.
The following steps will help you add the Mail flow rules:
Navigate to Mail flow > Rules > click + icon (add new rule). You can copy the existing rules for future reference.
From the + icon (add new rule) drop-down, select Create new rule…
In the new rule window, in the Name field, type the rule's name.
From the Apply this rule if… drop-down, select The recipient address includes…
In the specified words or phrases pop-up, copy and paste the following (click the + icon to add multiple fields):
Click on the + sign to add one more matching rule. Select the option The Subject or body and in the condition, select subject or body includes any words.
In the specified words or phrases pop-up, add the following two options.
linktosso.com
linktologin.com
As we finish the condition, we have to define the action.
From the Do the following… drop-down, select Redirect the message to and from the options, select
these recipient.
Click on Select On, and a window with the list of all the contacts will appear. Search for the Right hand reporting email, i.e., [email protected], and select it, then click on the save button to save the recipient.
Now Click on the Next button and set the following values to
Rule Mode: Enforce
Severity: High
Please uncheck the box that states Stop processing more rules.
Click on Next and then the Finish button. The rule will appear in the list.
Now, we need to edit this rule further. Click on the rule, and it will open the slider. Enable this rule by clicking the toggle and then clicking on the rule settings. Change the Priority to 0 and click on the save button.
After that, the rule will appear enabled at the list's top.
The configuration has been successfully set up.